Upgrade to Nix 25.11 and migrate configs

Update flake inputs and flake.lock to Nix/nixpkgs and home-manager release 25.11; bump home.stateVersion and setup script NIXOS_RELEASE. Migrate git config to new Home Manager layout (programs.git.settings, aliases under settings.alias), adjust delta config path, and reorganize SSH into matchBlocks with enableDefaultConfig=false to avoid global leaks. Simplify snapd session variable handling to avoid recursion. Misc: tweak Dashy title, replace du-dust->dust and plex-media-player -> plex-desktop, remove unused hostname arg, and add GitHub Copilot instructions document.
2025-12-11 16:28:22 +01:00
parent cc359274bc
commit 2947ea8060
11 changed files with 181 additions and 111 deletions
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,71 @@
 # GitHub Copilot Instructions
 ## Project Overview
 This repository manages system configurations (dotfiles) using a hybrid approach:
 - **Nix (Home Manager):** Manages user environment, CLI tools, and dotfile symlinks.
 - **Ansible:** Manages system-level configurations, services (Docker containers), and secrets.
 - **Python (`dotf`):** A custom CLI wrapper to orchestrate updates and maintenance.
 ## Architecture
 ### Nix & Home Manager
 - **Entry Point:** `flake.nix` defines `homeConfigurations` for each host (e.g., `mennos-desktop`, `mennos-server`).
 - **Configuration:** `home.nix` is the main module, conditionally importing from `packages/` and `server/` or `workstation/` based on the `isServer` flag.
 - **Packages:** Defined in `packages/{common,server,workstation}/packages.nix`.
 ### Ansible
 - **Playbook:** `ansible/playbook.yml` is the main entry point.
 - **Inventory:** `ansible/inventory.ini` defines host groups (`workstations`, `servers`). All connections are `local`.
 - **Tasks:** Organized in `ansible/tasks/`:
  - `global/`: Applied to all hosts.
  - `servers/`: Applied to server hosts.
  - `workstations/`: Applied to workstation hosts.
 - **Services:** Docker services are defined in `ansible/tasks/servers/services/`.
 ### CLI Tool (`dotf`)
 - **Location:** `bin/dotf` (entry point) and `bin/actions/` (logic).
 - **Purpose:** Abstracts complex `home-manager` and `ansible-playbook` commands.
 ## Critical Workflows
 ### Applying Changes
 Do not run `home-manager` or `ansible-playbook` directly unless debugging. Use the `dotf` CLI:
 - **Update everything:** `dotf update`
 - **Update only Home Manager:** `dotf update --ha`
 - **Update only Ansible:** `dotf update --ansible`
 - **Run specific Ansible tags:** `dotf update --tags <tag_name>` (e.g., `dotf update --tags caddy`)
 ### Adding Packages
 1. Identify if the package is for `common`, `server`, or `workstation`.
 2. Edit the corresponding `packages/<type>/packages.nix`.
 3. Add the package name to the `home.packages` list.
 ### Adding Services (Servers)
 1. Create a new YAML file in `ansible/tasks/servers/services/<service_name>/`.
 2. Define the Docker container and related configuration.
 3. Ensure the task is imported in `ansible/tasks/servers/server.yml` (or the relevant parent file).
 ## Conventions & Patterns
 - **Secrets:** Use 1Password integration. Secrets are fetched via the custom lookup plugin or `op` CLI.
 - **Host-Specific Logic:**
  - **Nix:** Use the `isServer` argument or check `hostname` in modules.
  - **Ansible:** Use `when: inventory_hostname in [...]` or group-based imports in `playbook.yml`.
 - **Path References:** Use `{{ playbook_dir }}` in Ansible and relative paths in Nix.
 - **Python Scripts:** Located in `bin/`, use `helpers.functions` for common output formatting (`printfe`).
 ## Key Files
 - `flake.nix`: Host definitions.
 - `home.nix`: Main Home Manager config.
 - `ansible/playbook.yml`: Main Ansible playbook.
 - `bin/actions/update.py`: The update logic implementation.
--- a/ansible/tasks/servers/services/dashy/conf.yml.j2
+++ b/ansible/tasks/servers/services/dashy/conf.yml.j2
@@ -30,8 +30,7 @@ sections:
        url: https://drive.mvl.sh
        id: 3_1035_nxtcld
        statusCheck: true
-      - title: ComfyUI
+      - title: SD.Next / ComfyUI
        icon: http://mennos-server:8188/assets/favicon.ico
        url: http://mennos-server:8188
        statusCheckUrl: http://host.docker.internal:8188/api/system_stats
        id: 3_1035_comfyui
--- a/config/git.nix
+++ b/config/git.nix
@@ -1,6 +1,5 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
@@ -10,14 +9,17 @@
    enable = true;
    # Basic configuration
    userName = "Menno van Leeuwen";
    userEmail = "menno@vleeuwen.me";
    signing = lib.mkIf (!config.isServer) {
      key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+sKpcREOUjwMMSzEWAso6830wbOi8kUxqpuXWw5gHr";
    };
-    # Git settings
+    # Git settings (migrated to `programs.git.settings` for Nix 25.11+)
-    extraConfig = {
+    settings = {
      user = {
        name = "Menno van Leeuwen";
        email = "menno@vleeuwen.me";
      };
      init = {
        defaultBranch = "main";
      };
@@ -108,93 +110,93 @@
      protocol = {
        version = 2;
      };
    };
-    # Git aliases
+      # Git aliases moved under `settings.alias` per Nix 25.11
-    aliases = {
+      alias = {
-      # Status and info
+        # Status and info
-      st = "status -sb";
+        st = "status -sb";
-      s = "status";
+        s = "status";
-      stat = "status";
+        stat = "status";
-      # Logging
+        # Logging
-      l = "log --oneline --graph --decorate";
+        l = "log --oneline --graph --decorate";
-      ll = "log --graph --pretty=format:'%C(yellow)%h%Creset -%C(red)%d%Creset %s %C(green)(%cr) %C(blue)<%an>%Creset' --abbrev-commit --date=relative";
+        ll = "log --graph --pretty=format:'%C(yellow)%h%Creset -%C(red)%d%Creset %s %C(green)(%cr) %C(blue)<%an>%Creset' --abbrev-commit --date=relative";
-      lol = "log --graph --decorate --pretty=oneline --abbrev-commit";
+        lol = "log --graph --decorate --pretty=oneline --abbrev-commit";
-      lola = "log --graph --decorate --pretty=oneline --abbrev-commit --all";
+        lola = "log --graph --decorate --pretty=oneline --abbrev-commit --all";
-      hist = "log --pretty=format:'%h %ad | %s%d [%an]' --graph --date=short";
+        hist = "log --pretty=format:'%h %ad | %s%d [%an]' --graph --date=short";
-      # Diff
+        # Diff
-      d = "diff";
+        d = "diff";
-      dc = "diff --cached";
+        dc = "diff --cached";
-      ds = "diff --staged";
+        ds = "diff --staged";
-      dt = "difftool";
+        dt = "difftool";
-      # Add and commit
+        # Add and commit
-      a = "add";
+        a = "add";
-      aa = "add -A";
+        aa = "add -A";
-      ap = "add -p";
+        ap = "add -p";
-      c = "commit";
+        c = "commit";
-      cm = "commit -m";
+        cm = "commit -m";
-      ca = "commit -am";
+        ca = "commit -am";
-      amend = "commit --amend";
+        amend = "commit --amend";
-      # Checkout and branch
+        # Checkout and branch
-      co = "checkout";
+        co = "checkout";
-      cb = "checkout -b";
+        cb = "checkout -b";
-      br = "branch";
+        br = "branch";
-      bra = "branch -a";
+        bra = "branch -a";
-      bd = "branch -d";
+        bd = "branch -d";
-      bdd = "branch -D";
+        bdd = "branch -D";
-      # Remote
+        # Remote
-      r = "remote";
+        r = "remote";
-      rv = "remote -v";
+        rv = "remote -v";
-      # Push and pull
+        # Push and pull
-      p = "push";
+        p = "push";
-      pf = "push --force-with-lease";
+        pf = "push --force-with-lease";
-      pu = "push -u origin";
+        pu = "push -u origin";
-      pl = "pull";
+        pl = "pull";
-      pom = "push origin main";
+        pom = "push origin main";
-      plom = "pull origin main";
+        plom = "pull origin main";
-      # Reset and clean
+        # Reset and clean
-      unstage = "reset HEAD --";
+        unstage = "reset HEAD --";
-      undo = "reset --soft HEAD~1";
+        undo = "reset --soft HEAD~1";
-      undohard = "reset --hard HEAD~1";
+        undohard = "reset --hard HEAD~1";
-      clean-branches = "!git branch --merged | grep -v '\\*\\|master\\|main\\|develop' | xargs -n 1 git branch -d";
+        clean-branches = "!git branch --merged | grep -v '\\*\\|master\\|main\\|develop' | xargs -n 1 git branch -d";
-      # Stash
+        # Stash
-      ss = "stash save";
+        ss = "stash save";
-      sp = "stash pop";
+        sp = "stash pop";
-      sl = "stash list";
+        sl = "stash list";
-      sd = "stash drop";
+        sd = "stash drop";
-      # Tags
+        # Tags
-      tags = "tag -l";
+        tags = "tag -l";
-      # Show
+        # Show
-      show-files = "show --pretty=\"\" --name-only";
+        show-files = "show --pretty=\"\" --name-only";
-      # Worktree
+        # Worktree
-      wt = "worktree";
+        wt = "worktree";
-      # Maintenance
+        # Maintenance
-      cleanup = "!git remote prune origin && git gc && git clean -df && git stash clear";
+        cleanup = "!git remote prune origin && git gc && git clean -df && git stash clear";
-      # Find
+        # Find
-      find = "!git ls-files | grep -i";
+        find = "!git ls-files | grep -i";
-      grep = "grep -Ii";
+        grep = "grep -Ii";
-      # Contributors
+        # Contributors
-      contributors = "shortlog --summary --numbered --email";
+        contributors = "shortlog --summary --numbered --email";
-      # Current branch
+        # Current branch
-      current = "rev-parse --abbrev-ref HEAD";
+        current = "rev-parse --abbrev-ref HEAD";
-      # Ignore
+        # Ignore
-      ignore = "!gi() { curl -sL https://www.toptal.com/developers/gitignore/api/$@ ;}; gi";
+        ignore = "!gi() { curl -sL https://www.toptal.com/developers/gitignore/api/$@ ;}; gi";
      };
    };
    # Global gitignore
@@ -246,7 +248,7 @@
  };
  # Delta for better git diffs
-  programs.git.delta = {
+  programs.delta = {
    enable = true;
    options = {
      features = "decorations";
--- a/config/ssh.nix
+++ b/config/ssh.nix
@@ -3,14 +3,20 @@
 {
  programs.ssh = {
    enable = true;
-    compression = true;
+    enableDefaultConfig = false;
    serverAliveInterval = 60;
    serverAliveCountMax = 3;
-    # SSH Multiplexing - reuses existing SSH connections for multiple sessions, reducing authentication overhead and improving speed for subsequent logins.
+    matchBlocks = {
-    controlPath = "~/.ssh/master-%r@%n:%p";
+      "*" = {
-    controlMaster = "auto";
+        compression = true;
-    controlPersist = "600";
+        serverAliveInterval = 60;
        serverAliveCountMax = 3;
        # SSH Multiplexing - reuses existing SSH connections for multiple sessions, reducing authentication overhead and improving speed for subsequent logins.
        controlPath = "~/.ssh/master-%r@%n:%p";
        controlMaster = "auto";
        controlPersist = "600";
      };
    };
    # Include custom configs from 1Password (See packages/common/secrets.nix)
    includes = [
--- a/flake.lock
+++ b/flake.lock
@@ -25,32 +25,32 @@
        ]
      },
      "locked": {
-        "lastModified": 1763992789,
+        "lastModified": 1765384171,
-        "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
+        "narHash": "sha256-FuFtkJrW1Z7u+3lhzPRau69E0CNjADku1mLQQflUORo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
+        "rev": "44777152652bc9eacf8876976fa72cc77ca8b9d8",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-25.05",
+        "ref": "release-25.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1765363881,
+        "lastModified": 1765311797,
-        "narHash": "sha256-3C3xWn8/2Zzr7sxVBmpc1H1QfxjNfta5IMFe3O9ZEPw=",
+        "narHash": "sha256-mSD5Ob7a+T2RNjvPvOA1dkJHGVrNVl8ZOrAwBjKBDQo=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "d2b1213bf5ec5e62d96b003ab4b5cbc42abfc0d0",
+        "rev": "09eb77e94fa25202af8f3e81ddc7353d9970ac1b",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@@ -2,9 +2,9 @@
  description = "menno's dotfiles";
  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
    home-manager = {
-      url = "github:nix-community/home-manager/release-25.05";
+      url = "github:nix-community/home-manager/release-25.11";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    opnix.url = "github:brizzbuzz/opnix";
--- a/home.nix
+++ b/home.nix
@@ -45,7 +45,7 @@
    home = {
      username = "menno";
      homeDirectory = "/home/menno";
-      stateVersion = "25.05";
+      stateVersion = "25.11";
      sessionVariables = {
        PATH = "${config.home.homeDirectory}/go/bin:$PATH";
        DOTFILES_PATH = "${config.home.homeDirectory}/.dotfiles";
--- a/packages/common/packages.nix
+++ b/packages/common/packages.nix
@@ -1,6 +1,5 @@
 {
  pkgs,
  hostname,
  ...
 }:
 {
@@ -31,7 +30,7 @@
    eza # Modern ls
    bat # Modern cat
    broot # Interactive directory navigator
-    du-dust # Modern du
+    dust # Modern du
    duf # Modern df
    zip
    unzip
--- a/packages/workstation/packages.nix
+++ b/packages/workstation/packages.nix
@@ -26,7 +26,7 @@ in
    scrcpy
    ## Multimedia
-    plex-media-player
+    plex-desktop
    vlc
    ## Astronomy
--- a/setup.sh
+++ b/setup.sh
@@ -4,7 +4,7 @@ set -euo pipefail
 IFS=$'\n\t'
 # Constants
-readonly NIXOS_RELEASE="25.05"                                      # Home Manager release version (Must match NixOS version)
+readonly NIXOS_RELEASE="25.11"                                      # Home Manager release version (Must match NixOS version)
 readonly GIT_REPO="https://git.mvl.sh/vleeuwenmenno/dotfiles.git"   # Dotfiles repository URL
 readonly DOTFILES_PATH="${HOME}/.dotfiles"                          # Dotfiles directory
 readonly SETUP_MARKER="${HOME}/.dotfiles-setup"                     # Setup marker file indicates setup has been run
--- a/workstation/snapd.nix
+++ b/workstation/snapd.nix
@@ -1,17 +1,10 @@
 { config, lib, ... }:
 let
  # Merge our session variable into any existing ones, if present.
  existingSessionVars = config.home.sessionVariables or {};
  sessionVars = existingSessionVars // {
    # Prepend snap desktop dir so snap-provided .desktop files are discovered by desktop environments.
    # We include `$XDG_DATA_DIRS` to preserve any previously-set value at runtime.
    XDG_DATA_DIRS = "/var/lib/snapd/desktop:$XDG_DATA_DIRS";
  };
 in
 {
  config = {
-    # Use mkForce to ensure this module's value takes precedence when modules are merged.
+    # Prepend snap desktop dir so snap-provided .desktop files are discovered by desktop environments.
-    home.sessionVariables = lib.mkForce sessionVars;
+    # We include `$XDG_DATA_DIRS` to preserve any previously-set value at runtime.
    # Avoid reading `config.home.sessionVariables` here to prevent evaluation recursion.
    home.sessionVariables.XDG_DATA_DIRS = "/var/lib/snapd/desktop:$XDG_DATA_DIRS";
  };
 }